refactor: require password verification
chore: styling work
This commit is contained in:
parent
7977fe9ea7
commit
86fa2b6d4b
16 changed files with 348 additions and 88 deletions
|
|
@ -27,10 +27,188 @@ Deno.test({
|
|||
const password_hash = encodeBase64(
|
||||
await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password))
|
||||
);
|
||||
const password_verification_hash = encodeBase64(
|
||||
await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password))
|
||||
);
|
||||
|
||||
const info = await get_new_user(client, {
|
||||
username,
|
||||
password_hash
|
||||
password_hash,
|
||||
password_verification_hash
|
||||
});
|
||||
|
||||
asserts.assert(info);
|
||||
asserts.assert(info.user);
|
||||
asserts.assert(info.session);
|
||||
asserts.assert(info.headers);
|
||||
|
||||
const user: USER = info.user;
|
||||
|
||||
asserts.assertEquals(user.username, username);
|
||||
|
||||
await delete_user(client, info);
|
||||
} finally {
|
||||
if (test_server_info) {
|
||||
await test_server_info?.server?.stop();
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
Deno.test({
|
||||
name: 'API - USERS - Create (fail on mismatched password verification hash)',
|
||||
permissions: {
|
||||
env: true,
|
||||
read: true,
|
||||
write: true,
|
||||
net: true
|
||||
},
|
||||
fn: async () => {
|
||||
let test_server_info: EPHEMERAL_SERVER | null = null;
|
||||
try {
|
||||
test_server_info = await get_ephemeral_listen_server();
|
||||
const client: API_CLIENT = api({
|
||||
prefix: '/api',
|
||||
hostname: test_server_info.hostname,
|
||||
port: test_server_info.port
|
||||
});
|
||||
|
||||
const username = random_username();
|
||||
const password = 'password';
|
||||
const password_hash = encodeBase64(
|
||||
await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password))
|
||||
);
|
||||
const password_verification_hash = encodeBase64(
|
||||
await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password + '1'))
|
||||
);
|
||||
|
||||
try {
|
||||
const info = await get_new_user(client, {
|
||||
username,
|
||||
password_hash,
|
||||
password_verification_hash
|
||||
});
|
||||
|
||||
asserts.fail('allowed user creation with mismatched password_verification_hash')
|
||||
}
|
||||
catch( error ) {
|
||||
asserts.assert( error );
|
||||
}
|
||||
} finally {
|
||||
if (test_server_info) {
|
||||
await test_server_info?.server?.stop();
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
Deno.test({
|
||||
name: 'API - USERS - Create (mismatched password_verification)',
|
||||
permissions: {
|
||||
env: true,
|
||||
read: true,
|
||||
write: true,
|
||||
net: true
|
||||
},
|
||||
fn: async () => {
|
||||
let test_server_info: EPHEMERAL_SERVER | null = null;
|
||||
try {
|
||||
test_server_info = await get_ephemeral_listen_server();
|
||||
const client: API_CLIENT = api({
|
||||
prefix: '/api',
|
||||
hostname: test_server_info.hostname,
|
||||
port: test_server_info.port
|
||||
});
|
||||
|
||||
const username = random_username();
|
||||
const password = 'password';
|
||||
|
||||
try {
|
||||
const info = await get_new_user(client, {
|
||||
username,
|
||||
password,
|
||||
password_verification: password + '1'
|
||||
});
|
||||
|
||||
asserts.fail( 'allowed account creation with mismatched password_verification' );
|
||||
}
|
||||
catch( error ) {
|
||||
asserts.assert( error );
|
||||
}
|
||||
} finally {
|
||||
if (test_server_info) {
|
||||
await test_server_info?.server?.stop();
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
Deno.test({
|
||||
name: 'API - USERS - Create (auto-generate password in testing)',
|
||||
permissions: {
|
||||
env: true,
|
||||
read: true,
|
||||
write: true,
|
||||
net: true
|
||||
},
|
||||
fn: async () => {
|
||||
let test_server_info: EPHEMERAL_SERVER | null = null;
|
||||
try {
|
||||
test_server_info = await get_ephemeral_listen_server();
|
||||
const client: API_CLIENT = api({
|
||||
prefix: '/api',
|
||||
hostname: test_server_info.hostname,
|
||||
port: test_server_info.port
|
||||
});
|
||||
|
||||
const username = random_username();
|
||||
|
||||
const info = await get_new_user(client, {
|
||||
username,
|
||||
});
|
||||
|
||||
asserts.assert(info);
|
||||
asserts.assert(info.user);
|
||||
asserts.assert(info.session);
|
||||
asserts.assert(info.headers);
|
||||
|
||||
const user: USER = info.user;
|
||||
|
||||
asserts.assertEquals(user.username, username);
|
||||
|
||||
await delete_user(client, info);
|
||||
} finally {
|
||||
if (test_server_info) {
|
||||
await test_server_info?.server?.stop();
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
Deno.test({
|
||||
name: 'API - USERS - Create (auto-generate password_verification in testing)',
|
||||
permissions: {
|
||||
env: true,
|
||||
read: true,
|
||||
write: true,
|
||||
net: true
|
||||
},
|
||||
fn: async () => {
|
||||
let test_server_info: EPHEMERAL_SERVER | null = null;
|
||||
try {
|
||||
test_server_info = await get_ephemeral_listen_server();
|
||||
const client: API_CLIENT = api({
|
||||
prefix: '/api',
|
||||
hostname: test_server_info.hostname,
|
||||
port: test_server_info.port
|
||||
});
|
||||
|
||||
const username = random_username();
|
||||
const password = 'password';
|
||||
|
||||
const info = await get_new_user(client, {
|
||||
username,
|
||||
password
|
||||
});
|
||||
|
||||
asserts.assert(info);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue